Your protection

Online safety and cybersecurity.

Time to read:
10 minutes

At a glance

Understand the different ways fraudsters try to access your information—including phishing, malware, and account takeover schemes.

Get tips and tools on protecting your data in your T‑Mobile account or other accounts online.

Stop and think before engaging with anything that seems suspicious—it’s one of the best ways to protect yourself online.

Get ahead of fraud

You’ve probably heard terms like “identity theft” and “online fraud,” which are shorthand ways to describe when someone attempts to gain access to or misuse a person’s information—like opening new credit accounts or taking over an existing account. 

Along with using the tools we offer at T-Mobile to protect you and your data, we recommend familiarizing yourself with common fraud types, simple steps you can take to protect your online security, and how to get additional help if you need it.

Common fraud types

Fraudsters have many ways to try to access your information. They might try to log in to an online account (such as a T-Mobile, bank, or email account) using passwords they obtained illegally. Or, they might try to get the password directly from the potential victim or the account provider through techniques such as: 

Phishing, SMShing, & vishing

Fraudsters send an e-mail or text message or make a phone call to con someone into providing personal information (e.g., email address, passwords, etc.) directly or by visiting a bogus website.  

T-Mobile will never ask you to confirm or verify your sensitive personal information in an unsolicited e-mail, text, or inbound call. Read this Avoiding phone scams article to learn more.

Malware & ransomware

Fraudsters con someone into visiting a website or downloading an app, malware software, or file that appears to be from a legitimate source. Once the malware is on the device, it collects personal data. And when the fraudster demands a ransom payment for the release of that data, it’s then called ransomware.

Man-in-the-middle attacks

A technique involving interception of information intended for someone else. This might happen in connection with other techniques. For instance, the interception might occur through malware the fraudster placed on your device, or as a result of a phishing effort that leads you to a fake website that captures information you intended to enter on a legitimate site.


A person poses as someone else to gain access to account information. One common pretexting scheme involves impersonation based on information the fraudster knows about the potential victim. 

Account takeover schemes

A fraudster impersonates you and transfers your phone number to a device they control. They do this either by switching your phone number to another carrier or swapping the SIM card assigned to your phone number without your permission. 

Customers have legitimate reasons to do both—for example, you may choose to switch carriers or need to replace your SIM card if you lose your phone. But fraudsters try to misuse these functions to gain control of your phone number and gain access to your online accounts (like email and online banking). Read How T-Mobile helps customers fight account takeover fraud to learn more. 


Cybersecurity is the practice of protecting systems, networks, programs, and technologies from digital attacks. At T-Mobile, we work hard to keep your information safe with state-of-the-art cybersecurity technology, rigorous monitoring and response operations, and strict compliance to global industry standards.

Like any corporation, T-Mobile isn’t immune to criminal attacks. As the privacy and security landscape rapidly shifts, standards are continually evolving. We’re committed to meeting those standards and being transparent about them. You deserve to know how your data is used, how you can control it, and what we’re doing to protect it.

Safety tips

There are simple steps you can take to help protect yourself online—whether in your T‑Mobile account or other accounts. One of the best ways is to remain vigilant and monitor your online accounts, bank statements, and credit reports regularly for unauthorized activity.

Learn how your online accounts work and manage your security settings. For example, understand how the applications and online platforms you use authenticate your identity and what choices you have for authentication.

There's no way to completely ensure online safety, but here are some considerations:

Password security

Use strong passwords with a combination of letters, numbers, and special characters for your T‑Mobile ID and other accounts. Change your passwords periodically and anytime there’s any sign of misuse. Don’t reuse passwords you’ve used for other sites. Don’t give others your passwords or provide them via phone or email.  

Reset your T‑Mobile ID password.

Reset your Customer Care Pin/Passcode

Reset your Voicemail password.

Run regular software updates

Keep your home computers and mobile devices safe by running regular software updates and security patches. Consider changing your software update option to "Auto Update" for all software on your computers and mobile devices.

Account notifications

Have your notifications turned on for logins from other devices on all the accounts you use. Getting notified of suspicious behavior right away is one of the best ways to get ahead of fraud. You can turn on notifications in the settings of the accounts you use, including your T-Mobile account.

Report lost or stolen devices

If your T-Mobile device is lost or stolen, prevent unauthorized access by suspending your account right away. Log into or call Customer Care by dialing 1-800-937-8997 from any device. Then use Android Device Manager, Find My iPhone, iCloud, or Lookout to remotely lock, locate, or wipe your device.

Get lost or stolen device help.

Anti-malware software

Use anti-malware software from a trusted source and always keep it up to date by letting the software update its file of known issues, called signatures. 

Wi-Fi security

Be cautious when using public Wi-Fi. Most public Wi-Fi hotspots aren’t secure enough and don’t encrypt the information you send over the internet. Avoid sending passwords, credit card numbers, or other financial information over a public Wi-Fi network and only visit secure websites containing a URL that starts with “HTTPS://”.

If you’re using your smartphone, tablet, or PC as an access point for other devices to connect to the internet, always enable Wi-Fi Protected Access.

At home, consider encrypting your home network by updating your router settings to either WPA3 or WPA2 Personal.

Password managers

Remembering a lot of passwords can be difficult and even risky—that’s where password managers come in. These tools help you generate strong passwords and store them in an encrypted place—all while only having to remember one password to access them. A few password managers we recommend are 1Password, Apple's iCloud Keychain, KeePass, and LastPass

Two-step verification

Apply two types of identification on accounts where you can, including on your T‑ account. For other accounts, review the security options offered by the account provider.

Add two-step verification to your T‑ account. 

Protect your SIM

Your phone’s Subscriber Identity Module (SIM) card stores information, like your phone numbers, service details, and, in some cases, text messages. Most phones still use a removable SIM card, but some have a permanent, electronic eSIM chip. There are ways to protect both from scammers.

Set a security PIN
If your device is lost or stolen, you can prevent someone else from re-using your SIM by setting a strong PIN code that’s hard to guess—for example, don’t use 1234 or 1111. Visit this tutorial to learn how to set your confidential PIN.

Enable SIM Protection
We make it easy and free to lock your SIM card so changes can’t be made to your phone without your permission. To activate your SIM Protection, log in to your T-Mobile account and find the settings under My account > Profile > Privacy and Notification. You can turn SIM Protection on or off for each line on your account using the toggles.

Visit our SIM Protection page for more information.

Report digital scams, spam, and fraud

Never confirm your sensitive personal data or account information in response to an unsolicited email, text, or inbound call. T-Mobile will never send you a request for such information, and you should only provide that information to T-Mobile or any other account provider when you have initiated contact to a known, reliable number or address. If our company name or brand is used in efforts to fraudulently obtain personal information, we’ll work aggressively to halt those activities.

SMS phishing or SMShing
If you’re a T-Mobile or Metro customer, report suspicious SMS messages by forwarding the text to 7726. You can also block the sender or opt out of subscriptions.

Email phishing
Attach a copy of any suspicious email and send it to so we can investigate.

Voice phishing or vishing
If you’re unsure who’s calling, it’s best to let the call go directly to voicemail. With our free Scam Shield™ app, you can see who’s calling, block calls that are likely scams, and report unwanted calls. 

Learn more in our Help with scams, spam, and fraud support page.

Avoid suspicious links

Protect yourself by not clicking links or opening attachments from unknown senders. Suspicious links can contain malware or ransomware—a type of malware that encrypts or locks your computer files and demands payment to a fraudster to get them unlocked. Stop and think before you click on something from an unknown or suspicious sender.

Do Not Call

The national Do Not Call registry gives you the choice about whether you receive telemarketing calls. Once your number is on the registry, commercial telemarketers are not allowed to call you. Other types of organizations may still call you, like charities, political groups, and debt collectors.

Add your number to the National Do Not Call Registry.

Safety tools

We also offer additional ways to protect yourself and keep your personal data secure. Added safety tools provided by T-Mobile help with preventing account takeovers, spam calls, and more.

Account takeover protection

Account Takeover Protection, a free feature for T‑Mobile, T‑Mobile for Business, T‑Mobile Postpaid, and Sprint customers, adds protection steps before your phone number can be ported to another carrier.

Scam Shield

Prevention is key in protecting yourself from scams. T-Mobile’s Scam Shield gives you the tools to stop scammers from ever contacting you with protections that include Scam Likely, Scam Block, and Caller ID.


PROXY gives you an extra number to use when you don’t want to share your private phone number. Calls, voicemails, and texts are accessible any time in the DIGITS app.

Number Change

You can change your phone number—for any reason—up to one time per year at no extra charge.

Help & resources

If you believe you’ve been impacted by any form of online fraud—including an identity theft incident or a breach of your personal information—you should:

File initial reports

Call your account providers, including your financial institutions and wireless provider, change your passwords, and take additional steps they may recommend.

File a report with the FTC.

File a police report with your local authorities.

Check with your state Attorney General for resources particular to your state.

Place a fraud alert on your credit report

Contact one of the three credit bureaus—Equifax, Experian, or TransUnion. Whichever bureau you alert will notify the other bureaus of your fraud alert. Also consider placing a credit freeze—which requires you to contact all three bureaus separately—or a credit lock. Both prevent others from taking out credit in your name without your knowledge.

How to place a fraud alert.

Report unauthorized account activity

Report directly to the companies where you believe fraud has occurred. To report unauthorized T‑Mobile activity, immediately contact Customer Care by dialing 611 from your T‑Mobile phone or 1-800-937-8997 from any other device.

T‑Mobile will fully cooperate with any investigation undertaken by law enforcement. For legal document requests, please forward a subpoena or court order to: T‑Mobile Law Enforcement Relations Group, 4 Sylvan Way, Parsippany, NJ 07054. Fax: 973-292-8697

File a FACTA request

Under the Fair and Accurate Credit Transactions Act (FACTA), you have a right to access and receive information related to suspected identity theft. To obtain this information from T‑Mobile, you must send us the following items:

  1. A copy of a police report that has been filed regarding the identity theft
  2. A completed FTC affidavit
  3. A copy of a state-issued picture ID or driver’s license
  4. A letter requesting the specific documentation in writing

Most frequent requests include copies of bills, credit applications, or shipping requests. Please note, copies of video surveillance require a legal document request. Please mail or fax a copy of each of these to the following address or fax number:


Attn: Fraud Management/FACT

PO Box 90880

Allentown, PA 18109
Fax: 813-353-6262

Additional resources

There’s a lot of great information available from government agencies and others about identity theft protection and online safety. We recommend:

Related links

  • A parent and child looking at the SyncUP KIDS Watch together.

    Family Controls and privacy Your Protection

    Learn about the choices you can make around children’s data use and collection.

  • A couple looking at a phone together.

    Your privacy around the web Your protection

    Take control of your privacy on websites outside of T-Mobile.

  • Person using their phone to request their personal data.

    Request your personal data Your data

    Access some of the personal data we collect about you—and delete it—by following these steps.